In the long term I think that this is a good idea, but at the moment I don't think that there is enough developer
resource/interest yet to create a separate list or page.
OpenSim shouldn't be subject to classic C issues such as buffer overruns since it runs within a virtual machine
(.NET/Mono) if that's what you're worried about. Vulnerabilities in the VM would belong to these projects rather than
OpenSim. Of course, there's still the possibility of security issues within the OpenSim system itself (e.g.
unauthorized deletion of prims).
I'm afraid that the solution for now for security issues is to watch these lists, perhaps external blogs and the commit
messages/mailing list if you're really worried about internal OpenSim system issues.
On 03/01/12 02:05, Edmund Edgar wrote:
When, like with OpenSim, I install software from source on a server I
run, I like to make sure that if somebody finds a security hole that I
need to take care of, I'm going to find out about it.
I don't think there are a lot of recent issues I need to particularly
worry about, but if something does show up, is there a way to be sure
I'll know about it, apart from reading this list diligently? Something
like:
1) A low-traffic announcements e-mail list that I can subscribe to.
2) A page that I can check periodically where I know I'll be able to
find information about security issues, if there are any.
This is how Drupal does it: A newsletter that will send me stuff, and
a page I can check periodically in case I've missed something. (They
also have RSS feeds.)
http://drupal.org/security
If not, could we have one?
--
Justin Clark-Casey (justincc)
http://justincc.org/blog
http://twitter.com/justincc
_______________________________________________
Opensim-users mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-users
